javadev

Reputation: 287

Azure Synapse Spark pool command to list all secrets in Key Vault

Hope you are doing well.

Is there a command in the Spark Utilities to see all secrets in an Azure Key Vault run in an Azure Synapse Spark Notebook?

Page https://learn.microsoft.com/en-us/azure/synapse-analytics/spark/microsoft-spark-utilities?pivots=programming-language-python#credentials-utilities

I can reference a secret like so: mssparkutils.credentials.getSecret('azure key vault name','secret name'), but can I list all the secrets? Thanks

Upvotes: 1

Views: 2110

Answers (2)

wBob

Reputation: 14389

You can call Azure Key Vault (AKV) via its REST API and the GetSecret methods, which return a list of secrets in their full URL form. You could use a Web activity in Synapse pipelines to call this. Example settings:

| Setting | Value | Notes |
| --- | --- | --- |
| URL | {vaultBaseUrl}/secrets?api-version=7.2 | See below for sample URL |
| Method | GET | |
| Authentication | Managed Identity | |
| Resource | https://vault.azure.net | |

Sample Key Vault URL

https://yourKeyVault-akv.vault.azure.net/secrets?api-version=7.2

Sample results:

{
    "value": [
        {
            "id": "https://yourKeyVault-akv.vault.azure.net/secrets/somepassword",
            "attributes": {
                "enabled": true,
                "created": 1635948403,
                "updated": 1635948403,
                "recoveryLevel": "Recoverable+Purgeable",
                "recoverableDays": 90
            },
            "tags": {}
        },
        {
            "id": "https://yourKeyVault-akv.vault.azure.net/secrets/someusername",
            "attributes": {
                "enabled": true,
                "created": 1635949171,
                "updated": 1635949171,
                "recoveryLevel": "Recoverable+Purgeable",
                "recoverableDays": 90
            },
            "tags": {}
        }
    ]
}

You are able to loop through the values with a For Each activity, e.g. the Items value would be:

@activity('Web Get AKV Secrets').output.value

Refer to the individual secret inside the For Each activity like this:

@item().id

Get the actual secret name by using the split and last functions, e.g.:

@last(split(item().id, '/'))

You could then pass the individual secret name or the collection into a Synapse notebook as a parameter.

Upvotes: 1
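Added example, not part of the answer above or of any Microsoft sample: the same list-and-extract logic in Python, following the list response's `nextLink` paging field and refusing to follow a link that leaves the vault host, so a bearer token is never sent elsewhere. `fetch` is a hypothetical caller-supplied function that performs the authenticated GET and returns parsed JSON; the sample pages and skip token are constructed.

```python
from urllib.parse import urlsplit


def secret_name(secret_id):
    """Python equivalent of @last(split(item().id, '/')), tolerant of stray whitespace."""
    return urlsplit(secret_id.strip()).path.rstrip("/").split("/")[-1]


def list_secrets(fetch, vault_base_url, api_version="7.2"):
    """Return [(name, enabled)] across every page of GET {vaultBaseUrl}/secrets.

    fetch(url) -> dict is supplied by the caller (hypothetical helper).
    """
    vault_host = urlsplit(vault_base_url).netloc.lower()
    url = f"{vault_base_url.rstrip('/')}/secrets?api-version={api_version}"
    found = []
    while url:
        parts = urlsplit(url)
        # Only ever send the request (and its token) to the vault we were given.
        if parts.scheme != "https" or parts.netloc.lower() != vault_host:
            raise ValueError(f"refusing to follow link outside vault: {url}")
        page = fetch(url)
        for item in page.get("value", []):
            found.append((secret_name(item["id"]), item["attributes"]["enabled"]))
        url = page.get("nextLink")  # None or absent on the last page
    return found


# Constructed sample pages in the shape of the "Sample results" above.
VAULT = "https://yourKeyVault-akv.vault.azure.net"
PAGES = {
    f"{VAULT}/secrets?api-version=7.2": {
        "value": [{"id": f"{VAULT}/secrets/somepassword", "attributes": {"enabled": True}}],
        "nextLink": f"{VAULT}/secrets?api-version=7.2&$skiptoken=constructed",
    },
    f"{VAULT}/secrets?api-version=7.2&$skiptoken=constructed": {
        "value": [{"id": f" {VAULT}/secrets/someusername ", "attributes": {"enabled": False}}],
        "nextLink": None,
    },
}

if __name__ == "__main__":
    for name, enabled in list_secrets(PAGES.__getitem__, VAULT):
        print(name, "enabled" if enabled else "disabled")
```

Only names and attributes come back from the list call; secret values still require a separate get per secret.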

CHEEKATLAPRADEEP

Reputation: 12768

Unfortunately, there is no command available to list all secrets in Key Vault.

You may check out my answer on the MS Q&A platform on how to access a secret from the vault using a Synapse PySpark notebook.

I would appreciate it if you could share the feedback on our Azure Synapse feedback channel, which would be open for the user community to upvote and comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.

Upvotes: 1
